On not logging things

January 12, 2006

One of the machines I help look after is an open, read-only Usenet server (details here; the open access is a 'because we can' thing). You might be surprised to know that the server logs only minimal information about NNTP sessions, and this is a deliberate action that required hacking the software a bit.

When I was setting up the machine and planning open access for everyone on campus, I found myself thinking about how I'd feel if, for example, some day a department head came to us to say 'I want to know what newsgroups people in my department are reading'. Much like library borrowing records, what newsgroups people read can be embarrassing or damaging; did I really want to be in a position of turning over that information?

We could have drawn up a strong privacy policy. But privacy policies are subject to being overridden by higher powers, such as department heads who can get the ear of the Dean. What would I do then? In the end the best way to protect this information was to not collection it, because what you don't log you can't be required to produce later. (We could always be required to introduce logging, but this would take more than semi-casual curiosity backed by political power.)

As system administrators, we often default to logging everything we can that doesn't expose obvious security risks. But this opens up more subtle abuses and risks (especially as people seem much more willing to go snooping through computer logs than other records, perhaps because computer logs are seen as 'less private').

So I'd like to urge sysadmins to consider the merits of not logging things. Consider if you really need to know that piece of information, or whether you're hoovering it up just because.

(The issue is not new with computers; librarians have been dealing with this for a long time and take it quite seriously.)

Written on 12 January 2006.
« Recording attribute access and method calls
How not to set up your DNS (part 7) »

Page tools: View Source, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Thu Jan 12 02:17:05 2006
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.